Description
- Remote Desktop Protocol (RDP): remote graphical access to hosts running Windows
- Windows Remote Management (WinRM): remote management protocol used to establish connections to remote hosts and their applications
- Windows Management Instrumentation (WMI): allows read and write access to many settings on Windows
Interaction / Commands
- Identify security settings of RDP servers (rdp-sec-check)
./rdp-sec-check.pl IP_Address
- Initiate RDP session
xfreerdp /u:username /p:"password" /v:IP_Address
- Test-WsMan cmdlet in PowerShell to check whether remote hosts can be reached over WinRM
- evil-winrm: open a WinRM shell on a remote host
evil-winrm -i IP_Address -u username -p password
Footprinting
RDP
sudo nmap -sV -sC IP_Address -p3389 --script "rdp*"
WinRM
nmap -sV -sC IP_Address -p5985,5986
WMI
/usr/share/doc/python3-impacket/examples/wmiexec.py username:"password"@IP_Address "hostname"
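The footprinting scans above produce a list of open ports per host; what a defender usually wants from them is an inventory of which hosts expose these management services, and in particular which hosts answer WinRM only on the unencrypted 5985 listener. The following is an added example, not part of the original notes: it parses nmap grepable (-oG) output lines, which are constructed here as sample input, and maps the ports 3389, 5985, 5986 and 135 (the RPC endpoint mapper that WMI/DCOM relies on) to the services in these notes.

```python
"""Added example (not from the original notes): inventory RDP/WinRM/WMI
exposure from nmap grepable (-oG) output. The sample lines below are
constructed, not real scan output."""
import re
from collections import defaultdict

# Ports for the services covered in the notes: 3389 RDP, 5985/5986 WinRM over
# HTTP/HTTPS, and 135, the RPC endpoint mapper used by WMI over DCOM.
MANAGEMENT_PORTS = {
    3389: "RDP",
    5985: "WinRM (HTTP)",
    5986: "WinRM (HTTPS)",
    135: "RPC/DCOM (WMI)",
}

# Constructed sample in nmap -oG format (port/state/proto/owner/service/...).
SAMPLE_GREPABLE = """\
Host: 10.0.0.5 ()\tPorts: 135/open/tcp//msrpc///, 3389/open/tcp//ms-wbt-server///, 5985/open/tcp//http///
Host: 10.0.0.6 ()\tPorts: 22/open/tcp//ssh///, 5986/open/tcp//ssl|http///\tIgnored State: closed (998)
Host: 10.0.0.7 ()\tPorts: 3389/closed/tcp//ms-wbt-server///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")


def parse_grepable(text):
    """Return {host: [(port, state), ...]} from nmap -oG host lines."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host = m.group(1)
        # Drop any trailing tab-separated field such as "Ignored State: ...".
        ports_field = m.group(2).split("\t")[0]
        entries = []
        for item in ports_field.split(","):
            fields = item.strip().split("/")
            if len(fields) < 2 or not fields[0].isdigit():
                continue
            entries.append((int(fields[0]), fields[1]))
        result[host] = entries
    return result


def exposed_management(text):
    """Map each host to the management services it exposes (open ports only)."""
    exposure = defaultdict(list)
    for host, entries in parse_grepable(text).items():
        for port, state in entries:
            if state == "open" and port in MANAGEMENT_PORTS:
                exposure[host].append(MANAGEMENT_PORTS[port])
    return dict(exposure)


def cleartext_winrm_hosts(text):
    """Hosts offering WinRM on 5985 (HTTP) without a 5986 (HTTPS) listener."""
    flagged = []
    for host, services in exposed_management(text).items():
        if "WinRM (HTTP)" in services and "WinRM (HTTPS)" not in services:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    for host, services in exposed_management(SAMPLE_GREPABLE).items():
        print(host, ", ".join(services))
    print("WinRM over HTTP only:", cleartext_winrm_hosts(SAMPLE_GREPABLE))
```

Feed it the file written by `nmap -oG` instead of the constructed sample; hosts where every management port is closed (like 10.0.0.7 above) simply do not appear in the result.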